FIPS 140-2 SERVICES

The EWA-Canada IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the FIPS 140-2 process. Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements which must be met in order for products to be validated under the Cryptographic Module Validation Program (CMVP). The CMVP is a joint program between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC). These two organizations oversee the validation of products and/or cryptographic modules to the FIPS 140-2 standard.

For vendors, a successful FIPS 140-2 can be validation can be essential to selling their products in US and international markets:

In the U.S. cryptographic modules shall be FIPS 140-2 validated when cryptography is used by federal government agencies to protect sensitive, but unclassified information (see section 3.2 of the FIPS 140-2 FAQ for details).

In Canada, the CSEC recommends federal agencies use FIPS 140-2 validated cryptographic modules to secure data designated as Protected A or Protected B.

In the U.K., the Communications-Electronics Security Group (CESG) recommends the use of FIPS 140 validated cryptographic modules.

Achieving validation under FIPS 140-2 can be a challenging undertaking. Selecting an experienced, accredited testing facility can play a key role in ensuring your endeavors are successful, on time and on budget. The EWA-Canada 's capabilities that support all facets of the FIPS 140-2 include.